2022-10-19
ALT-BU-2022-6666-1
Branch p10_e2k update bulletin.
Package python3-module-paramiko updated to version 2.11.0-alt1 for branch p10_e2k.
Closed vulnerabilities
Published: 2022-03-28
BDU:2022-01897
Уязвимость реализации протокола SSHv2 библиотеки Paramiko, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю получить доступ к конфиденциальной информации
Severity: MEDIUM (4.3)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2022-03-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-24302
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546
- https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546
- [debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update
- [debian-lts-announce] 20220321 [SECURITY] [DLA 2959-1] paramiko security update
- [debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update
- [debian-lts-announce] 20220912 [SECURITY] [DLA 3104-1] paramiko security update
- FEDORA-2022-8eb95d8611
- FEDORA-2022-8eb95d8611
- FEDORA-2022-806492f1d1
- FEDORA-2022-806492f1d1
- FEDORA-2022-bb5c461682
- FEDORA-2022-bb5c461682
- https://www.paramiko.org/changelog.html
- https://www.paramiko.org/changelog.html